@lunanoir/dep-lens 0.1.0 → 0.1.2

package/README.md

@@ -1,19 +1,24 @@
 # dep-lens
 
-Scan the licenses of your npm/yarn/pnpm and Cargo dependencies and report
-commercial-use risk, in an interactive terminal UI or as JSON/HTML for CI.
+Scan your project's third-party dependencies across **9 ecosystems** (npm,
+Cargo, Go, Python, Ruby, PHP, Java, Dart/Flutter, C/C++), classify every
+license (permissive / weak copyleft / strong copyleft / unknown), score
+commercial-use risk, and browse the results in a fast, colorful terminal UI
+or as JSON/CSV/Markdown/HTML for CI.
 
 ```sh
-npm install -g dep-lens
+npm install -g @lunanoir/dep-lens
 
 dep-lens                      # interactive TUI
+dep-lens --tr                 # Turkish UI (Turkce arayuz)
 dep-lens --json               # raw JSON to stdout
 dep-lens --html report.html   # standalone HTML report
+dep-lens --test               # self-check: verify the scanner on this project
 dep-lens --fail-on gpl        # exit 1 when strong copyleft is found (CI gate)
 dep-lens --path ../my-app --ignore left-pad
 ```
 
-Full documentation: https://github.com/dep-lens/dep-lens
+Full documentation: https://github.com/lunanoir21/dep-lens
 
 This package contains the CLI and TUI; the native scanner binary is delivered
 through a platform-specific optional dependency (Linux x64, macOS x64/arm64,

package/dist/ansi.js

@@ -0,0 +1,33 @@
+/**
+ * Minimal truecolor ANSI helpers for plain-console output (postinstall
+ * wizard, --test report) where rendering a full Ink tree would be overkill.
+ * Colors mirror `ui/theme.ts` PALETTE. No-ops when stdout is not a TTY.
+ */
+function hexToRgb(hex) {
+    const value = hex.replace('#', '');
+    return [
+        parseInt(value.slice(0, 2), 16),
+        parseInt(value.slice(2, 4), 16),
+        parseInt(value.slice(4, 6), 16),
+    ];
+}
+function colorize(text, hex) {
+    if (!process.stdout.isTTY) {
+        return text;
+    }
+    const [r, g, b] = hexToRgb(hex);
+    return `\x1b[38;2;${r};${g};${b}m${text}\x1b[39m`;
+}
+export const good = (text) => colorize(text, '#4ade80');
+export const ok = (text) => colorize(text, '#fbbf24');
+export const bad = (text) => colorize(text, '#fb7185');
+export const unknown = (text) => colorize(text, '#94a3b8');
+export const brand = (text) => colorize(text, '#38bdf8');
+export const accent = (text) => colorize(text, '#a78bfa');
+export const dim = (text) => colorize(text, '#64748b');
+export function bold(text) {
+    if (!process.stdout.isTTY) {
+        return text;
+    }
+    return `\x1b[1m${text}\x1b[22m`;
+}

package/dist/args.js

@@ -14,6 +14,10 @@ OPTIONS:
     --path <DIR>       Project directory to scan (default: current directory)
     --ignore <NAMES>   Comma-separated package names to exclude (repeatable)
     --tr               Turkish UI (Turkce arayuz)
+    --test             Run a self-check: verify the scanner binary and
+                       report which ecosystems it detects in --path
+    --setup            Re-run the interactive setup wizard (language,
+                       PATH check) even outside of npm install
     --help             Show this help
     --version          Show version
 
@@ -43,8 +47,11 @@ export function parseArgs(argv) {
         path: '.',
         ignore: [],
         locale: 'en',
+        localeExplicit: false,
         help: false,
         version: false,
+        test: false,
+        setup: false,
     };
     for (let i = 0; i < argv.length; i += 1) {
         const arg = argv[i];
@@ -89,6 +96,13 @@ export function parseArgs(argv) {
             }
             case '--tr':
                 options.locale = 'tr';
+                options.localeExplicit = true;
+                break;
+            case '--test':
+                options.test = true;
+                break;
+            case '--setup':
+                options.setup = true;
                 break;
             case '--help':
             case '-h':

package/dist/cli.js

@@ -5,6 +5,9 @@ import React from 'react';
 import { render } from 'ink';
 import { parseArgs, USAGE } from './args.js';
 import { renderCsv, renderHtml, renderMarkdown, runScan } from './bridge.js';
+import { readConfig } from './config.js';
+import { main as runSetupWizard } from './postinstall.js';
+import { runSelfTest } from './selftest.js';
 import { violations } from './utils.js';
 import { Root } from './ui/Root.js';
 function packageVersion() {
@@ -44,7 +47,21 @@ async function main() {
         process.stdout.write(`dep-lens ${packageVersion()}\n`);
         return;
     }
+    if (!options.localeExplicit) {
+        const config = await readConfig();
+        if (config.locale !== undefined) {
+            options.locale = config.locale;
+        }
+    }
+    if (options.setup) {
+        await runSetupWizard(true);
+        return;
+    }
     const scanOptions = { path: options.path, ignore: options.ignore, locale: options.locale };
+    if (options.test) {
+        process.exitCode = await runSelfTest(scanOptions);
+        return;
+    }
     if (options.json) {
         const report = await runScan(scanOptions);
         process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);

package/dist/config.js

@@ -0,0 +1,35 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import path from 'node:path';
+function configDir() {
+    const xdg = process.env['XDG_CONFIG_HOME'];
+    const base = xdg && xdg.length > 0 ? xdg : path.join(homedir(), '.config');
+    return path.join(base, 'dep-lens');
+}
+export function configPath() {
+    return path.join(configDir(), 'config.json');
+}
+/** Read the user config; returns `{}` if missing or unreadable/invalid. */
+export async function readConfig() {
+    try {
+        const raw = await readFile(configPath(), 'utf8');
+        const parsed = JSON.parse(raw);
+        if (typeof parsed !== 'object' || parsed === null) {
+            return {};
+        }
+        const record = parsed;
+        const config = {};
+        if (record['locale'] === 'en' || record['locale'] === 'tr') {
+            config.locale = record['locale'];
+        }
+        return config;
+    }
+    catch {
+        return {};
+    }
+}
+/** Write the user config, creating `~/.config/dep-lens/` if needed. */
+export async function writeConfig(config) {
+    await mkdir(configDir(), { recursive: true });
+    await writeFile(configPath(), `${JSON.stringify(config, null, 2)}\n`, 'utf8');
+}

package/dist/detect.js

@@ -0,0 +1,26 @@
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+/** Manifest files dep-lens looks for, one entry per supported ecosystem. */
+export const ECOSYSTEM_SIGNATURES = [
+    { id: 'npm', label: 'npm / yarn / pnpm', files: ['package.json'] },
+    { id: 'cargo', label: 'Cargo', files: ['Cargo.toml'] },
+    { id: 'go', label: 'Go', files: ['go.mod'] },
+    {
+        id: 'python',
+        label: 'Python',
+        files: ['pyproject.toml', 'requirements.txt', 'Pipfile', 'poetry.lock', 'uv.lock'],
+    },
+    { id: 'ruby', label: 'Ruby', files: ['Gemfile', 'Gemfile.lock'] },
+    { id: 'php', label: 'PHP', files: ['composer.json'] },
+    {
+        id: 'java',
+        label: 'Java',
+        files: ['pom.xml', 'build.gradle', 'build.gradle.kts', 'gradle.lockfile'],
+    },
+    { id: 'dart', label: 'Dart / Flutter', files: ['pubspec.yaml'] },
+    { id: 'cpp', label: 'C/C++', files: ['vcpkg.json', 'conanfile.txt'] },
+];
+/** Ecosystem signatures whose manifest files are present under `dir`. */
+export function detectEcosystems(dir) {
+    return ECOSYSTEM_SIGNATURES.filter((eco) => eco.files.some((file) => existsSync(path.join(dir, file))));
+}

package/dist/postinstall.js

@@ -0,0 +1,146 @@
+#!/usr/bin/env node
+/**
+ * Postinstall setup wizard. Runs once after `npm install`, detects the
+ * caller's project ecosystems, asks for a default UI language, and checks
+ * whether the global npm bin directory (where the `dep-lens` launcher
+ * lands) is on PATH.
+ *
+ * Skips entirely in non-interactive environments (CI, piped installs, or
+ * when npm doesn't attach a TTY to lifecycle scripts) so it never blocks an
+ * install.
+ */
+import { execFile } from 'node:child_process';
+import { createInterface } from 'node:readline';
+import { promisify } from 'node:util';
+import { accent, bad, bold, brand, dim, good } from './ansi.js';
+import { detectEcosystems } from './detect.js';
+import { readConfig, writeConfig } from './config.js';
+const execFileAsync = promisify(execFile);
+const PROMPT_TIMEOUT_MS = 15_000;
+function isInteractive() {
+    if (process.env['CI'] === 'true' || process.env['CI'] === '1') {
+        return false;
+    }
+    if (process.env['DEP_LENS_SKIP_SETUP'] === '1') {
+        return false;
+    }
+    return process.stdin.isTTY === true && process.stdout.isTTY === true;
+}
+/** Ask a yes/no question with a default answer if the user just presses enter. */
+async function askYesNo(question, defaultYes) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const suffix = defaultYes ? 'Y/n' : 'y/N';
+    return new Promise((resolve) => {
+        const timer = setTimeout(() => {
+            rl.close();
+            resolve(defaultYes);
+        }, PROMPT_TIMEOUT_MS);
+        rl.question(`${question} [${suffix}] `, (answer) => {
+            clearTimeout(timer);
+            rl.close();
+            const trimmed = answer.trim().toLowerCase();
+            if (trimmed === '') {
+                resolve(defaultYes);
+                return;
+            }
+            resolve(trimmed === 'y' || trimmed === 'yes' || trimmed === 'e' || trimmed === 'evet');
+        });
+    });
+}
+async function npmGlobalBinDir() {
+    try {
+        const { stdout } = await execFileAsync('npm', ['bin', '-g']);
+        const dir = stdout.trim();
+        return dir.length > 0 ? dir : null;
+    }
+    catch {
+        try {
+            const { stdout } = await execFileAsync('npm', ['prefix', '-g']);
+            const prefix = stdout.trim();
+            return prefix.length > 0 ? `${prefix}/bin` : null;
+        }
+        catch {
+            return null;
+        }
+    }
+}
+function pathContains(dir) {
+    const pathEnv = process.env['PATH'] ?? '';
+    const sep = process.platform === 'win32' ? ';' : ':';
+    return pathEnv.split(sep).some((entry) => entry.replace(/[/\\]+$/, '') === dir.replace(/[/\\]+$/, ''));
+}
+/**
+ * Run the setup wizard. `force` skips the TTY/CI checks (used by
+ * `dep-lens --setup`, where the user explicitly asked for it).
+ */
+export async function main(force = false) {
+    // Always print a one-line banner so even non-interactive installs show
+    // something useful, but never prompt unless we have a real TTY.
+    const cwd = process.env['INIT_CWD'] ?? process.cwd();
+    const detected = detectEcosystems(cwd);
+    process.stdout.write(`\n${bold(brand('dep-lens'))} installed.\n`);
+    if (detected.length > 0) {
+        const labels = detected.map((eco) => eco.label).join(', ');
+        process.stdout.write(`${dim('detected in this project:')} ${good(labels)}\n`);
+    }
+    if (!force && !isInteractive()) {
+        process.stdout.write(`${dim('run')} dep-lens ${dim('to scan, or')} dep-lens --help\n\n`);
+        return;
+    }
+    process.stdout.write(`\n${bold('Quick setup')} ${dim('(press enter to accept defaults)')}\n`);
+    // --- default language -----------------------------------------------
+    const config = await readConfig();
+    const wantsTurkish = await askYesNo(`${accent('?')} Use Turkish UI by default (--tr)?`, config.locale === 'tr');
+    config.locale = wantsTurkish ? 'tr' : 'en';
+    await writeConfig(config);
+    // --- PATH check --------------------------------------------------------
+    const binDir = await npmGlobalBinDir();
+    if (binDir !== null && !pathContains(binDir)) {
+        process.stdout.write(`\n${bad('!')} ${binDir} is not on your PATH, so ${bold('dep-lens')} may not run yet.\n`);
+        const addPath = await askYesNo(`${accent('?')} Add it to your shell profile now?`, true);
+        if (addPath) {
+            await appendToShellProfile(binDir);
+        }
+        else {
+            process.stdout.write(`${dim('add manually:')} export PATH="${binDir}:$PATH"\n`);
+        }
+    }
+    process.stdout.write(`\n${good('done.')} ${dim('run')} dep-lens ${dim('to get started.')}\n\n`);
+}
+async function appendToShellProfile(binDir) {
+    if (process.platform === 'win32') {
+        process.stdout.write(`${dim('on Windows, add this to your PATH via System Properties > Environment Variables:')}\n${binDir}\n`);
+        return;
+    }
+    const { homedir } = await import('node:os');
+    const { appendFile, readFile } = await import('node:fs/promises');
+    const path = await import('node:path');
+    const shell = (process.env['SHELL'] ?? '').split('/').pop() ?? '';
+    const rcFile = shell === 'fish'
+        ? path.join(homedir(), '.config', 'fish', 'config.fish')
+        : shell === 'zsh'
+            ? path.join(homedir(), '.zshrc')
+            : path.join(homedir(), '.bashrc');
+    const line = shell === 'fish'
+        ? `fish_add_path "${binDir}"`
+        : `export PATH="${binDir}:$PATH"`;
+    try {
+        const existing = await readFile(rcFile, 'utf8').catch(() => '');
+        if (existing.includes(binDir)) {
+            process.stdout.write(`${dim('already present in')} ${rcFile}\n`);
+            return;
+        }
+        await appendFile(rcFile, `\n# added by dep-lens postinstall\n${line}\n`);
+        process.stdout.write(`${good('added to')} ${rcFile}${dim(' - open a new terminal to apply.')}\n`);
+    }
+    catch {
+        process.stdout.write(`${dim('could not update shell profile, add manually:')} ${line}\n`);
+    }
+}
+// Only auto-run when invoked directly as the postinstall script, not when
+// imported by `dep-lens --setup`.
+if (process.argv[1]?.endsWith('postinstall.js')) {
+    main().catch(() => {
+        // Never fail the install over the setup wizard.
+    });
+}

package/dist/selftest.js

@@ -0,0 +1,106 @@
+import { execFile } from 'node:child_process';
+import path from 'node:path';
+import { promisify } from 'node:util';
+import { bad, bold, brand, dim, good, ok } from './ansi.js';
+import { resolveBinaryPath, runScan } from './bridge.js';
+import { detectEcosystems } from './detect.js';
+const execFileAsync = promisify(execFile);
+function statusGlyph(passed) {
+    return passed ? good('PASS') : bad('FAIL');
+}
+/**
+ * `dep-lens --test`: verify the native scanner binary runs, scan
+ * `options.path`, and report which of the ecosystems detected by their
+ * manifest files actually produced packages. Returns the process exit code.
+ */
+export async function runSelfTest(options) {
+    const checks = [];
+    let exitCode = 0;
+    process.stdout.write(`${bold(brand('dep-lens --test'))} ${dim(`(${path.resolve(options.path)})`)}\n\n`);
+    // 1. Binary resolves and runs.
+    let binaryPath;
+    try {
+        binaryPath = resolveBinaryPath();
+    }
+    catch (error) {
+        checks.push({
+            label: 'native scanner binary',
+            ok: false,
+            detail: error instanceof Error ? error.message : String(error),
+        });
+        printChecks(checks);
+        return 2;
+    }
+    try {
+        const { stdout } = await execFileAsync(binaryPath, ['--version']);
+        checks.push({ label: 'native scanner binary', ok: true, detail: stdout.trim() });
+    }
+    catch (error) {
+        checks.push({
+            label: 'native scanner binary',
+            ok: false,
+            detail: error instanceof Error ? error.message : String(error),
+        });
+        printChecks(checks);
+        return 2;
+    }
+    // 2. Run a scan.
+    let report;
+    try {
+        report = await runScan(options);
+        checks.push({
+            label: 'scan',
+            ok: true,
+            detail: `${report.summary.total} package(s) found`,
+        });
+    }
+    catch (error) {
+        checks.push({
+            label: 'scan',
+            ok: false,
+            detail: error instanceof Error ? error.message : String(error),
+        });
+        printChecks(checks);
+        return 2;
+    }
+    // 3. Per-ecosystem: every manifest dep-lens recognizes in this project
+    //    should have produced at least one package.
+    const detected = detectEcosystems(options.path);
+    const foundEcosystems = new Set(report.packages.map((pkg) => pkg.ecosystem));
+    for (const eco of detected) {
+        const found = foundEcosystems.has(eco.id);
+        const count = report.packages.filter((pkg) => pkg.ecosystem === eco.id).length;
+        if (!found) {
+            exitCode = 1;
+        }
+        checks.push({
+            label: eco.label,
+            ok: found,
+            detail: found ? `${count} package(s)` : 'manifest found but no packages reported',
+        });
+    }
+    if (detected.length === 0) {
+        checks.push({
+            label: 'ecosystems',
+            ok: true,
+            detail: 'no recognized manifests in this directory',
+        });
+    }
+    // 4. Unknown licenses are a warning, not a failure.
+    if (report.summary.unknown > 0) {
+        checks.push({
+            label: 'license coverage',
+            ok: true,
+            detail: `${ok(String(report.summary.unknown))} package(s) with unknown license`,
+        });
+    }
+    printChecks(checks);
+    process.stdout.write(`\n${exitCode === 0 ? good('all checks passed') : bad('some checks failed')}\n`);
+    return exitCode;
+}
+function printChecks(checks) {
+    const width = Math.max(...checks.map((c) => c.label.length), 8);
+    for (const check of checks) {
+        process.stdout.write(`  ${statusGlyph(check.ok)}  ${check.label.padEnd(width)}  ${dim(check.detail)}\n`);
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lunanoir/dep-lens",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Dependency license scanner across npm, Cargo, Go, Python, Ruby, PHP, Java, Dart, and C/C++ with commercial risk reporting",
   "type": "module",
   "license": "MIT",
@@ -32,7 +32,8 @@
   ],
   "scripts": {
     "build": "tsc",
-    "test": "tsc && node --test \"dist/test/**/*.test.js\""
+    "test": "tsc && node --test \"dist/test/**/*.test.js\"",
+    "postinstall": "node dist/postinstall.js"
   },
   "dependencies": {
     "ink": "^5.2.1",
@@ -41,7 +42,7 @@
   "optionalDependencies": {
     "@lunanoir/dep-lens-darwin-arm64": "0.1.0",
     "@lunanoir/dep-lens-darwin-x64": "0.1.0",
-    "@lunanoir/dep-lens-linux-x64": "0.1.0",
+    "@lunanoir/dep-lens-linux-x64": "0.1.1",
     "@lunanoir/dep-lens-win32-x64": "0.1.0"
   },
   "devDependencies": {